I live in a country with one of the most restricted internets in the world. Many sites in many categories are blocked, from adult/gambling/dating/nudity to VoIP and proxy bypass information. This is done in several ways, predominantly through a company called Secure Computing as well as through dynamic filters.
NB: I am NOT soliciting information on how to get round this censorship. I have access to a legal free zone where there is unblocked internet. Please don’t post censorship-busting information as it will make SDMB eligible for blocking here.
My question is a purely technical one. Many sites, and I would rather not list most of them, that allow one to bypass the censorship, are obviously blocked. However their https versions are still open. For example:
http://www.[PROXYBYPASSSITE].com is blocked
https://www.[PROXYBYPASSITE].com is not blocked
Can anyone explain why this might be? I had originally assumed it was impossible to block https addresses (without blocking all https entirely, including legitimate sites) but apparently this is not true. I am very curious as to why so many loopholes are being left open. Surely if it is possible to add https sites to a blacklist, then Secure Computing would do this automatically for all the new http sites it finds?
Is it plausible that the techs at Secure Computing are just not very good? I worked for a fairly large company a few years ago who thought they had a whitelist approach to external sites. Which they did for URLs; however, using the IP address was unrestricted. I was there for a year before they noticed. Just sayin…
Well apparently the numeric IP addresses of many blocked sites are still accessible, so perhaps that’s it.
I just find it hard to believe that one of the world’s leading companies in a particular tech field is actually completely incompetent at its job. So I was wondering if either:
(1) there are some tech issues that complicate the blocking of SSL/https
(2) someone on the “factory floor” who secretly opposes censorship is deliberately leaving this stuff open
It takes an extra step to block another protocol, depending on HOW they’re blocking the sites.
They probably didn’t realize there was any HTTPS content there, so they didn’t bother.
The thing to consider here is that https is not just an alternative to http. Aside from the fact that it uses a different port (443 instead of 80), which might be responsible for getting around the company’s firewalling, there’s the whole certificate verification handshaking and encryption overhead. A web server needs to specifically be listening on that port, have a server-side certificate and then to handle all of the traffic encryption/decryption overhead. Most sites, I suspect, won’t go to the trouble and expense of doing that without a damn good reason.
Perhaps the Dubai authorities are content with a veneer of net prophylaxis. A nod and a wink towards censorship? The place seems hell bent on becoming MegaCityOne so perhaps…
Yes - could be. For example they recently blocked YouTube. Only they failed to block www2, www3, www4 YouTube, all of which work fine. This has even been mentioned on messageboards, blogs and newspapers (though most of us have been trying to keep it quiet) yet they still haven’t blocked these alternatives. It’s probably imminent though.